IBM DB2 Flaws Let Remote and Local Users Deny Service
SecurityTracker Alert ID: 1023376
SecurityTracker URL: http://securitytracker.com/id/1023376
CVE Reference: CVE-2009-4325, CVE-2009-4326, CVE-2009-4327, CVE-2009-4328, CVE-2009-4329, CVE-2009-4330, CVE-2009-4331, CVE-2009-4332, CVE-2009-4333, CVE-2009-4334, CVE-2009-4335
Date: Dec 21 2009
Impact: Denial of service via local system, Denial of service via network, Disclosure of authentication information, Not specified
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 8.2 prior to FP18, 9.1 prior to FP8, 9.5 prior to FP5

Description:
Several vulnerabilities were reported in IBM DB2. A remote or remote authenticated user can cause denial of service conditions. A local user can cause denial of service conditions. The impact of some vulnerabilities was not specified.
The Client Interfaces component fails to check for null pointers [CVE-2009-4325].
The RAND scalar function in the Common Code Infrastructure component contains a flaw when the Database Partitioning Feature (DPF) is used [CVE-2009-4326].
The Common Code Infrastructure component does not properly validate the size of a memory pool during a creation attempt, permitting excessive memory consumption [CVE-2009-4327].
A remote authenticated user can exploit an unspecified flaw in the DRDA Services component to cause denial of service conditions [CVE-2009-4328].
A remote authenticated user can exploit an unspecified flaw in the Engine Utilities component to cause denial of service conditions [CVE-2009-4329].
A local user can exploit an unspecified flaw in db2licm in the Engine Utilities component [CVE-2009-4330].
The Install component configures the High Availability (HA) scripts with unsafe file-permission and authorization settings [CVE-2009-4331].
A user can exploit an unspecified flaw in db2pd in the Problem Determination component to cause denial of service conditions [CVE-2009-4332].
A user can exploit a flaw in the Relational Data Services component to obtain the password argument from the SET ENCRYPTION PASSWORD statement [CVE-2009-4333].
A local user can write to the Self Tuning Memory Manager (STMM) log file to cause denial of service conditions [CVE-2009-4334].
A remote user can exploit flaws in some bundled stored procedures in the Spatial Extender component [CVE-2009-4335].
The vendor has assigned APARs IC62501, IC62625, IC63179, IC63581, IC64019, IC64298, IC64702, IZ43772, IZ28509, IZ38819, IZ44872, IZ50355, IZ52083, LI72709, LI74500, and LI74504 to these vulnerabilities.

Impact:
A remote or remote authenticated user can cause denial of service conditions.
A local user can cause denial of service conditions on the target system.
A user can obtain password information.
The impact of some of the vulnerabilities was not specified.

Solution:
The vendor has issued a fix (8.2 FP18, 9.1 FP8, 9.5 FP5).
The vendor's advisories are available at:
http://www-01.ibm.com/support/docview.wss?uid=swg21293566
http://www-01.ibm.com/support/docview.wss?uid=swg21412902

Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21293566
Cause: Not specified
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
Message History: None.